/SA-mitre

This app provides a method to ingest MITRE ATT&CK tactics, techniques, and sub-techniques into Splunk events. The app contains a mitre_techniques KVStore holding the metadata provided by MITRE, so alerts and ES correlation searches can be enriched without navigating back to MITRE.

Primary Language: Python

Splunk Supporting Add on for MITRE ATT&CK®

This app provides a method to ingest ATT&CK tactics, techniques, and sub-techniques into Splunk events. The app contains a mitre_techniques KVStore holding the metadata provided by ATT&CK, so alerts and ES correlation searches can be enriched without navigating back to the MITRE ATT&CK website.
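How technique metadata of this kind can be flattened into lookup rows and joined onto an alert, as an added example that is not code from this app. It assumes the STIX 2.x bundle layout in which MITRE publishes ATT&CK; the row field names, the sample bundle and the `T9999` entry are constructed for illustration and are not the app's `mitre_techniques` schema.

```python
# Constructed sample in the STIX 2.x shape ATT&CK is published in (not a real export).
def _ref(ext_id):
    return [{"source_name": "mitre-attack", "external_id": ext_id}]

_EXEC = [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "x-mitre-tactic", "name": "Execution",
     "x_mitre_shortname": "execution", "external_references": _ref("TA0002")},
    {"type": "attack-pattern", "name": "Command and Scripting Interpreter",
     "external_references": _ref("T1059"), "kill_chain_phases": _EXEC},
    {"type": "attack-pattern", "name": "PowerShell", "x_mitre_is_subtechnique": True,
     "external_references": _ref("T1059.001"), "kill_chain_phases": _EXEC},
    # Constructed revoked entry: must not end up in the lookup.
    {"type": "attack-pattern", "name": "Old Technique", "revoked": True,
     "external_references": _ref("T9999"), "kill_chain_phases": _EXEC},
]}

def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1059.001) from a STIX object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def build_technique_rows(bundle):
    """Flatten a bundle into {technique_id: row}; revoked/deprecated objects are skipped."""
    objects = bundle.get("objects", [])
    tactics = {o["x_mitre_shortname"]: (attack_id(o), o["name"])
               for o in objects if o.get("type") == "x-mitre-tactic"}
    rows = {}
    for o in objects:
        tid = attack_id(o)
        if (o.get("type") != "attack-pattern" or not tid
                or o.get("revoked") or o.get("x_mitre_deprecated")):
            continue
        phases = [p["phase_name"] for p in o.get("kill_chain_phases", [])
                  if p.get("kill_chain_name") == "mitre-attack" and p["phase_name"] in tactics]
        rows[tid] = {  # hypothetical field names
            "technique_id": tid, "technique_name": o["name"],
            "parent_id": tid.split(".")[0] if o.get("x_mitre_is_subtechnique") else "",
            "tactic_ids": [tactics[p][0] for p in phases],
            "tactic_names": [tactics[p][1] for p in phases]}
    return rows

def enrich(alert, rows):
    """Merge technique metadata into an alert by its technique_id; unknown IDs pass through."""
    meta = rows.get(alert.get("technique_id", ""))
    return {**alert, **meta} if meta else dict(alert)
```

Skipping revoked and deprecated objects keeps retired technique IDs out of the lookup, so an alert tagged with one stays visibly unenriched instead of picking up stale metadata.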